Sanjay B

• Monitored network traffic for suspicious activity using SIEM tools such as Splunk and CISCO EDR tools.
• Analyzed logs from various sources including web servers, application servers, databases, IDS and IPS systems. for possible security breaches.
• Maintained up-to-date knowledge of cyber threat landscape by researching latest attack trends and techniques used by attackers.
• Responded promptly to any reported issues or alerts related to system or network security.
• Managed user authentication and authorization of data access.
• Performing analysis of triggered alerts from Endpoint solutions such as Antivirus, EDR,SIEM,SNORT,AWS.
• Monitor endpoints for suspicious activity and Investigating incidents, remediation, tracking, and follow-up for incident closure with concerned teams, stakeholders
• Follow-up with incident response team for remediation

Deep dive analysis of triggered alerts using SIEM other analysis tools.

• Collaborated with IT teams to develop comprehensive cybersecurity strategies, reducing risks from external attacks.
• Developed and maintained detailed documentation on security processes, facilitating knowledge transfer and ensuring consistency in procedures.

• Monitored security information and event management Splunk and EDR tools for suspicious activity and potential security incidents
• Investigated security alerts and events, leveraging knowledge of threat intelligence and security best practices to determine severity and potential impact
• Followed established incident response procedures, escalating incidents to appropriate teams as needed
• Contributed to continuous improvement of security posture by documenting lessons learned and proposing changes to existing procedures
• Collaborated effectively with other security teams, IT teams, and business stakeholders to resolve security incidents and mitigate risks
• Maintained awareness of emerging threats and vulnerabilities through continuous learning and training.
• Trained junior team members on best practices in optimization strategy, fostering a culture of continuous improvement.

• Performing due diligence on Suspected spam accounts.
• Managed multiple tools to find out the detection of Malware and phishing attacks.
• Worked on User appeal Escalations.
• Conducted threat hunting activities to proactively identify and respond to potential security incidents before they escalated.
• Worked on Multiple ATO recovery user appeal
• Reviewed and analyzed safety data and statistics to identify trends and areas requiring improvement.

• Experience in using Splunk SIEM for analysing logs generated
  from Network Devices, Authentication Devices, Endpoints, Email Gateways, Antivirus logs and other cloud hosted devices.
• Deep dive analysis of triggered alerts using SIEM and other analysis tools
• Deep dive analysis of triggered alerts using SIEM and other analysis tools
• Assist IRT/SME teams in incident remediation by providing supporting data and recommendations
• Follow-up with incident response team for remediation
• Monitoring and troubleshooting Silent Log Sources
• Research, compile and organize monthly vulnerability reports
• Participate in weekly SOC meetings to discuss about raised incidents
• Involved in creating phishing awareness campaign
• Threat hunting based on the hypothesis developed by SOC Lead/Manager
• Track threat actors and associated tactics, techniques, and procedures (TTPs)
• Maintaining and improving Playbooks and processes
• Drafting shift hand-overs